[Pkg-aide-maintainers] Bug#442214: aide: Aide issues false alarms
Bill Wohler
wohler at newt.com
Wed Jul 23 20:45:05 UTC 2008
Marc Haber <mh+debian-packages at zugschlus.de> wrote:
> I have instead committed the following patch to the README file which
> will hopefully make things a lot more clearer than they were explained
> in the previous README file. I'd appreciate your comments.
Excellent!
> + - set COMMAND="update" and COPYNEWDB="yes" and live with the fact
> + that changes to the filesystem will only be reported once and never
> + again.
I found that setting COPYNEWDB to yes suits me well.
I also found that because this setting trashes the old database, you
don't have a chance to later run aide --compare to see how a particular
file changed. I therefore added AIDEARGS="-V5" to /etc/default/aide.
Because you're updating the database every day, the emails still tend to
be small, and even if they are large and get truncated (due to a system
update, say), you still have the output in /var/log/aide.
I think it would be good to mention that issue in the COMMAND="update"
and COPYNEWDB="yes" item.
--
Bill Wohler <wohler at newt.com> http://www.newt.com/wohler/ GnuPG ID:610BD9AD
More information about the Pkg-aide-maintainers
mailing list